PrepAway - Latest Free Exam Questions & Answers

Which of the following should be considered FIRST when implementing a risk management program?


A. An understanding of the organization’s threat, vulnerability and risk profile

B. An understanding of the risk exposures and the potential consequences of compromise

C. A determination of risk management priorities based on potential consequences

D. A risk mitigation strategy sufficient to keep risk consequences at an acceptable level

Explanation:

Implementing risk management, as one of the outcomes of effective information security
governance, would require a collective understanding of the organization’s threat, vulnerability and
risk profile as a first step. Based on this, an understanding of risk exposure and potential
consequences of compromise could be determined. Risk management priorities based on
potential consequences could then be developed. This would provide a basis for the formulation of
strategies for risk mitigation sufficient to keep the consequences from risk at an acceptable level.

